⭐️ A curated list of awesome forensic analysis tools and resources

:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

No description provided.

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

This will compile a list of Android, iOS, Linux malware techniques for attacking and detection purposes.

Kali Linux in Docker + Ubuntu 22.04 in Docker for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux inside with Docker with or without support with systemd, repository also contains Proof of Concept with kind (Kubernetes in Docker) to test Kali Linux with enabled systemd in K8s cluster

A Volatility plugin for finding sqlite database rows

The forensic analysis write-up / walkthrough for forensic disk image.

An updated C# port of X-Ways X-Tensions API.

Guymager is a free forensic imager for media acquisition. It is based on libewf and libguytools.

Extract valid or partially valid domain names and IPs from malicious or invalid URLs.

Dump a process memory and extract data based on regular expressions.

LiveDiff is a portable system-level differencing tool for Microsoft Windows-based operating systems

Access Expert Witness Format (ewf/E01/L01) files using Golang

A python-based tool to extract forensic info from ActivitiesCache.db (Windows Activity Timeline)

Docker images of open source forensic tools

CFREDS case study for subject code: CTMTCS S2 P2

CSAM/anti-trafficking forensics toolkit (Windows/Linux): safe triage via hashes & blurred thumbnails, YARA, ADS, browser/registry artifacts, reports & immutable logs.

Parrot OS (Core/Security) or just Parrot Tools in Docker with the usage of Makefile, Dockerfiles and docker-compose.yaml for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering, repository also contains Proof of Concept with kind (K8s in Docker) for ParrotOS with/without systemd in K8s cluster

CTF Suite is a collection of tools you can use during Capture The Flag competitions. These tools are aimed at specific categories of problems and are specific to Jeopardy-style CTFs.

This repository contains the forensic tools we made.

computer forensics

A Python script to extract and analyse EXIF data

CellXML-Registry.exe is a portable Windows tool that parses an offline Windows Registry hive file and converts it to the RegXML format. CellXML-Registry leverages the Registry parser project by Eric Zimmerman to aid in parsing the Registry structure.

This guide aims to assist investigators focused on cybercrime by providing guidance on incident handling, response, and thorough, methodical evidence processing. It is intended as a supplementary resource to support investigators and serve as a reminder, rather than as a standalone procedure. Toolkits will be available!!!

Crypto implementations analysis toolkit

bfcpf stands for "Brute Force CPF" and it is a CLI tool that breaks a partial CPF, finding all valid ones within the pattern given by the user.

WebLogHunter is a tool for parsing and analysing web server access logs to detect suspicious activity. It normalises logs into a standard DataFrame format for efficient querying and applies risk-scoring rules to highlight potential threats.